US2025358188A1PendingUtilityA1

Systems and methods for network anomaly detection and policy enforcement

68
Assignee: IP INFUSION INCPriority: Apr 26, 2023Filed: Jul 25, 2025Published: Nov 20, 2025
Est. expiryApr 26, 2043(~16.8 yrs left)· nominal 20-yr term from priority
H04L 41/14H04L 63/1441G06N 20/00H04L 63/1425H04L 63/0227H04L 41/0894H04L 63/20
68
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

This disclosure describes methods, devices, and systems for network anomaly detection and policy enforcement. An example method includes obtaining metadata for a plurality of network packets. The method also includes detecting an anomaly in the plurality of network packets by analyzing the obtained metadata and the operating information. The method also includes generating, without user input, a policy rule based on the detected anomaly. The method further includes enforcing the policy rule at the one or more network devices.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method of anomaly mitigation, the method comprising:
 obtaining metadata for a plurality of network packets;   obtaining operating information corresponding to one or more network devices;   detecting an anomaly in the plurality of network packets by analyzing the obtained metadata and the operating information;   generating, without user input, a policy rule based on the detected anomaly; and   enforcing the policy rule at the one or more network devices.   
     
     
         2 . The method of  claim 1 , wherein the policy rule is enforced via respective worker nodes implemented at each of the one or more network devices. 
     
     
         3 . The method of  claim 1 , wherein the metadata includes packet header information for the plurality of network packets. 
     
     
         4 . The method of  claim 1 , wherein the plurality of network packets includes one or more control protocol packets. 
     
     
         5 . The method of  claim 1 , further comprising generating a time series profile of network elements and network operations, wherein the network elements comprise the one or more network devices and the anomaly is detected using the time series profile. 
     
     
         6 . The method of  claim 1 , wherein the anomaly is detected using pattern matching or using one or more machine learning models. 
     
     
         7 . The method of  claim 1 , wherein the metadata is obtained via a network collector device that is configured to mirror packet metadata from the plurality of network packets, wherein the mirrored packet metadata comprises packet header information. 
     
     
         8 . The method of  claim 1 , wherein the anomaly is detected via an operations device distinct from the one or more network devices. 
     
     
         9 . The method of  claim 1 , wherein the policy rule is generated via a policy device using a policy graph database. 
     
     
         10 . The method of  claim 1 , wherein the anomaly corresponds to a fault in the one or more network devices. 
     
     
         11 . The method of  claim 1 , wherein the anomaly corresponds to malicious activity. 
     
     
         12 . The method of  claim 1 , wherein the anomaly comprises a routing anomaly. 
     
     
         13 . The method of  claim 12 , wherein the routing anomaly corresponds to a change in a border gateway protocol (BGP) routing. 
     
     
         14 . The method of  claim 1 , wherein the network packets correspond to at least one of: an optical network, a microwave-based network, a cellular network, and an Internet network. 
     
     
         15 . The method of  claim 1 , wherein the policy rule comprises an evaluation component and an action component. 
     
     
         16 . The method of  claim 1 , wherein generating the policy rule comprises augmenting a pre-existing set of policy rules. 
     
     
         17 . The method of  claim 1 , wherein the operating information comprises one or more of: information about an operating state of the one or more network devices, information about a network state detected by the one or more network devices, and information about hardware and/or software of the one or more network devices. 
     
     
         18 . The method of  claim 17 , wherein the operating information comprises information about a power supply of the one or more network devices. 
     
     
         19 . A non-transitory computer-readable storage medium storing one or more sets of instructions configured for execution by a computing system having control circuitry and memory, the one or more sets of instructions comprising instructions for:
 obtaining metadata for a plurality of network packets;   obtaining operating information corresponding to one or more network devices;   detecting an anomaly in the plurality of network packets by analyzing the obtained metadata;   generating, without user input, a policy rule based on the detected anomaly and the operating information; and   enforcing the policy rule at the one or more network devices.   
     
     
         20 . A network interface component, comprising:
 one or more processors; and   memory storing one or more programs, wherein the one or more programs are configured to be executed by the one or more processors, the one or more programs including instructions for:   obtaining metadata for a plurality of network packets;   obtaining operating information corresponding to one or more network devices;   detecting an anomaly in the plurality of network packets by analyzing the obtained metadata;   generating, without user input, a policy rule based on the detected anomaly and the operating information; and   enforcing the policy rule at the one or more network devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.